27 Comments
It only took them 13 years to catch up to xkcd
[https://xkcd.com/936/](https://xkcd.com/936/)
🙂
>For years, conventional wisdom advocated for passwords that were highly complex, combining upper and lower case letters, numbers and symbols. This complexity was thought to make passwords harder to guess or crack through brute force attacks.
>
>However, these complex requirements often led to users adopting poor habits, such as reusing passwords or choosing overly simple ones that barely met the criteria, like “P*ssw0rd123.”
>
>Over time, NIST found that this focus on complexity was counterproductive and actually weakened security in practice.
Anecdotally, this tracks. Plenty of my colleagues and family members do stuff like this.
For me, this isn’t a problem since I use a local password manager, but it’s uncertain how much of the general public does so as well. It’ll be interesting to see if there’s more normalization of password managers now that it’s being built into iOS.
I like when companies let you use a long phrase with no special characters. Like somewhereovertherainbow. Those companies get me, and they also get my business.
Password reuse is more problematic than password complexity.
Even if you’re using the xkcd method, you can only remember so many gibberish strings, especially for login systems that aren’t compatible with a password manager.
And once you start reusing them, if one place gets compromised, you’re suddenly vulnerable everywhere.
Password managers for the win! “But what about when password managers get hacked?” You’re right! Just use the same password everywhere. That way when dildolubewarehouse.com inevitably gets hacked and your omnipresent password is on the dark web, you’ll lose access to everything and won’t have to worry about *any* passwords anymore. Brilliant!
This title is misleading.
One thing I learned from my high school teacher. Think of a song and select 1 line. Take the first letter of each word in that line and that’s your password. Impossible to guess or brute force.
But then you can’t do that for 50 websites.
So I just use BitWarden now.
My company requires long passwords that change every couple of months on about 5 different computer systems, and we're not allowed to reuse similar passwords. They also don’t allow a password manager. So I just have sticky notes pasted to my computer monitor.
Isn’t it already known that the biggest security risk isn’t hacked passwords but social engineering of malware in bogus emails? I know at my last job, every time there was a breach it was because someone clicked what they shouldn’t.
People who have to change passwords or make them complicated all the time tend to write them down and put them on sticky notes on monitors.
Thanks but I’ll take my technology advice from some other publication than Forbes
Correct horse battery staple
Constantly forcing users to change passwords also causes bad habits. Eventually people can’t remember them and are forced to write them down.
Two issues right now, the forcing of so many upper case, lower case, number, symbol while at the same time restricting length to something like 16 characters.
Let me use “It was the beast of times, it was the wurst of times”
Honestly, at the rate of frequency websites and companies are being hacked, what’s even the point?
Passkey, biometrics, and/or 2FA need to become the norm.
Use a pass-phrase. Easier to remember and much longer than a normal password. More characters make it safer, not what the characters are.
I use entire sentences with numbers in them and punctuation. Fake example: “Tonight were gonna party like its 1999!”
Super easy to remember and long as fuck.
My work password is Companyname!CurrentYear
And I guarantee I’m not the only one
2FA is da beast
Who wrote this? Hackers or the govt
Just kill me.
Only if you’re lazy. Your long, complex, unique passwords are fine.
I can remember long (20-character), nonsensical passwords in mixed case plus numbers and symbols. My memory is not great, but for random shit it is solid. It takes me a few weeks to learn them, but they stick forever. I don’t need to write them down, and I can hold about 5 of them in my head.
But, then, the IT policy wherever I work requires password changes every 45-75 days, so why even try?
And simple passwords are easily cracked.
I hate it here.
Companies not held responsible for our data makes us less safe.